
Answers to Exam Prep Questions

  1. Answer D is correct. AD object access is NOT logged as a result of this audit policy. After the SACL is configured, Auditing Object Access tracks access to Files, Folders, and Printers and also tracks Registry changes. Directory Service access tracks AD object access. Both of these audit policies require additional configuration of the SACL on the object(s) of interest.

  2. The correct order for GPO processing is C, then A, then D, and then B. L-S-D-OU is the order in which policies get processed. The Local Computer Policy is followed by Site policies, followed by Domain policies, and finally followed by OU policies. OU policies process starting with the top-level OU policies, which are then followed by each subsequent child OU's policies, walking down the OU hierarchical branch. First, the computer half gets processed, L-S-D-OU, as the computer boots up. Then the user half gets processed, L-S-D-OU, after the user logs in. Together, these establish the desktop and security for the user's session on that computer.

  3. Answer B is correct. The wireless configuration deployment failed because of the Device Installation Restriction policy. Wireless configuration can be automated on a thumb drive. You can configure the Device Installation Restriction not to apply to Administrators. Disabling the computer half of the GPO would weaken security because it would disable the device installation restrictions. The SSID broadcasts and MAC address filtering both enhance security for the wireless network but would not facilitate the deployment of the wireless configuration to the secretaries' computers.

  4. Answers B and D are correct. The processing priority for the different rules is as follows: Certificate Rules override all other rules, followed by Hash, Path, and Internet Zone rules; the Default Rule has the lowest priority and is overridden by any other rule. So to override a Path Rule, you could implement a Hash Rule for the R&D OU, answer B. The most specific Path Rule overrides a less specific Path Rule, so the longer path in answer D would override the shorter Path Rule set at the domain level.

  5. Answer A is correct. You must implement the Secure Server IPSec policy on the servers. The Secure Server IPSec policy on the Vista clients would require security only for inbound connections. In this case, the Vista computers are the clients and are making outbound connections to the HiSec Servers. The Server Request IPSec policy would allow unsecured connections if a client could not run IPSec. The client respond policy would be required on the Vista computers, not the servers.

  6. Answer D is correct. The Software Deployment GPO can be configured to uninstall the software when the users are no longer within your OU. Logging off by itself does not cause the software to be removed from computers. File extension activation configures the software package for installation, not removal. Setting the Default Software Restriction Policy to Disallowed would disallow all software from running on your OU. This would not remove any software from computers being used by users outside your OU.

  7. Answer C is correct. You want to publish the software to the users. This way, only the ones who want to use the application will install it. Software packages cannot be published to computers, only assigned. Even though you got a deal on the software, assigning to the users costs you extra money because all users get the package. Assigning to the computers also costs you extra money, again, because all computers get the software.

  8. Answers A and C are correct. Authenticated users need the Allow—Read permission. Administrators need at least the Allow—Change permission. (Most of the time, administrators grant themselves the Allow—Full Control permission on these SDPs because they may need to make adjustments to the NTFS permissions within the share point. But this is more privilege than is required on the SDP.) Everyone Allow—Change is too much privilege, and adding the computer names to the Trusted Sites list in IE has no benefit in this scenario.

  9. Answers A and D are correct. You simply want to terminate the currently running instance of GoodApp.exe but keep the task scheduled for future executions. For this, you use the /end switch. You want the currently running instance of OldApp.exe to be terminated, and you want OldApp.exe to be removed as a scheduled task, so you would use the /delete switch on the SchTasks.exe command.

  10. Answers B and C are correct. You need to run the Windows Remote Management utility (winrm.exe) on the 10 remote Windows Vista computers. These are the Source computers. You want to run the Windows Event Collector utility (wecutil.exe) on the Collector computer, your one Windows Vista computer.

  11. Answers A, D, and G are correct. The three tools available to analyze how GPOs are being applied are the Group Policy Modeling tool inside GPMC, the older Resultant Set of Policies (RSoP), and GPResult.exe. The Computer Management MMC includes several worthy tools, like Local Users and Groups, Disk Management, and Services, but it does not analyze GPO processing. GPUpdate reapplies GPOs that have been changed since the last GPO Refresh. Used with the /Force switch, it can reapply all GPOs to a user's session, but it does not analyze GPO processing. AD Domains and Trusts is used to transfer the Domain Naming Operations Master and to assemble and test interdomain and interforest trusts. The Local Computer Policy might be considered one of the policies being analyzed, but it does not analyze GPO processing. Remote Desktop Connection is used to make connections to Terminal Servers, and it does not analyze GPO processing.

  12. Answers B and D are correct. The RPM tool can export into binary log file format (*.blg) and the comma-separated value file format (*.csv). *.evt files are used by Event Viewer as the extension for its log files. *.bin files are usually binary files, not binary log files (*.blg).

  13. Answer C is correct. Because the task fails when running with the credentials of the administrator but runs successfully when it is launched using your credentials, use your credentials to launch the Scheduled Task. The SchTasks /Run command causes the task to launch immediately. Deleting and re-creating the task with the same parameters does not resolve the credentials issue. UDP port 500 is used by IPSec, which has nothing to do with this issue.
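
The L-S-D-OU ordering described in answer 2 can be modeled in a few lines. The following is an added example, not code from the book: it resolves one half of policy (computer or user) by applying GPOs in Local, Site, Domain, then top-level-to-child OU order, with a later GPO overwriting an earlier one's value. The distinguished name, GPO names, and settings are constructed, and the model covers only the ordering the answer describes.

```python
# Added example: models only the L-S-D-OU ordering from answer 2.
# The DN, GPO names, and setting values below are constructed for illustration.
SAMPLE_DN = "CN=PC01,OU=Laptops,OU=Sales,DC=corp,DC=example"

LINKS = {
    "local": ["Local Computer Policy"],
    "site": ["Site-HQ"],
    "domain": ["Default Domain Policy"],
    "ou": {"Sales": ["Sales-Baseline"], "Laptops": ["Laptop-Lockdown"]},
}

GPO_SETTINGS = {
    "Local Computer Policy": {"ScreenLockMinutes": 30, "AuditObjectAccess": "None"},
    "Site-HQ": {"ProxyServer": "proxy.hq.example"},
    "Default Domain Policy": {"ScreenLockMinutes": 15, "AuditObjectAccess": "Success"},
    "Sales-Baseline": {"ScreenLockMinutes": 10},
    "Laptop-Lockdown": {"ScreenLockMinutes": 5, "RemovableStorage": "Deny"},
}

def ou_chain(dn):
    """Return the OUs in a DN ordered from top-level OU down to the closest one.
    Simplification: splits on commas and does not handle escaped commas."""
    parts = [p.strip() for p in dn.split(",")]
    ous = [p[3:] for p in parts if p.upper().startswith("OU=")]
    return list(reversed(ous))  # a DN lists the closest OU first

def processing_order(dn, links):
    """Return (scope, gpo) pairs in the order they are processed."""
    order = []
    for scope in ("local", "site", "domain"):
        order += [(scope, gpo) for gpo in links.get(scope, [])]
    for ou in ou_chain(dn):
        order += [("ou:" + ou, gpo) for gpo in links.get("ou", {}).get(ou, [])]
    return order

def effective_settings(dn, links, gpo_settings):
    """Apply GPOs in processing order; the last GPO to set a value wins.
    Each result records the winning value, GPO, and scope."""
    result = {}
    for scope, gpo in processing_order(dn, links):
        for key, value in gpo_settings.get(gpo, {}).items():
            result[key] = (value, gpo, scope)
    return result

if __name__ == "__main__":
    for key, (value, gpo, scope) in effective_settings(
            SAMPLE_DN, LINKS, GPO_SETTINGS).items():
        print(f"{key} = {value!r}  (from {gpo}, {scope})")
```

Recording the winning GPO and scope alongside each value makes it clear which link to inspect when a setting is not what was expected.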
